authorTimo Wilken2023-01-22 22:56:03 +0100
committerTimo Wilken2023-01-22 23:08:18 +0100
commitae3206dbf89b494264afbe457b13afebdea920d2 (patch)
tree6d18a37769387d913ce91c2af80cbadd7c020363 /tw/home.scm
parent599f82d0857d408b25f2df95163c3bd1ae596eda (diff)
Rename "common" modules to be base modules
Diffstat (limited to 'tw/home.scm')
-rw-r--r--tw/home.scm224
1 files changed, 224 insertions, 0 deletions
diff --git a/tw/home.scm b/tw/home.scm
new file mode 100644
index 00000000..cc97308c
--- /dev/null
+++ b/tw/home.scm
@@ -0,0 +1,224 @@
+(define-module (tw home)
+ #:use-module (ice-9 string-fun)
+ #:use-module (gnu)
+ #:use-module (gnu home services)
+ #:use-module (gnu home services shells)
+ #:use-module (gnu home services shepherd)
+ #:use-module (gnu home services ssh)
+ #:use-module (guix gexp)
+ #:use-module (tw packages shell)
+ #:use-module (tw system))
+
+(use-package-modules admin compression curl databases disk dns file finance
+ gnupg graphviz imagemagick less linux lisp maths
+ password-utils pretty-print pv python python-xyz rsync
+ shells shellutils ssh textutils tmux version-control
+ video vim web)
+
+(define-public common-packages
+ (list
+ curl dos2unix fdupes file git gnupg gnuplot graphviz hledger imagemagick jq
+ less lesspipe net-tools openssh password-store pass-otp pv python
+ python-ipython recutils rsync sbcl smartmontools source-highlight tmux tree
+ xxd zip unzip
+ get-iplayer ffmpeg atomicparsley yt-dlp
+
+ ;; Install only bind-utils like dig, not the full suite.
+ (list isc-bind "utils")
+
+ ;; Ranger can do code highlighting using python-pygments and
+ ;; image previews in kitty using python-pillow.
+ ranger python-pygments python-pillow mediainfo python-pdftotext
+
+ ;; Shell
+ zsh zsh-autosuggestions zsh-history-substring-search
+ zsh-syntax-highlighting zsh-completions))
+
+(export gnupg-services) ; there doesn't seem to be a `define*-public' macro
+(define* (gnupg-services #:key gui-pinentry?)
+ (list
+ (simple-service 'gnupg-config home-files-service-type
+ `(;; GnuPG config files must be in ~/.local/share/gnupg, not ~/.config,
+ ;; so we can't use `home-xdg-configuration-files-service-type'.
+ (".local/share/gnupg/gpg.conf" ,(local-file "home/files/gpg.conf"))
+ (".local/share/gnupg/gpg-agent.conf"
+ ,(mixed-text-file "gpg-agent.conf" "\
+pinentry-program " (if gui-pinentry?
+ (file-append pinentry-rofi "/bin/pinentry-rofi")
+ (file-append pinentry-tty "/bin/pinentry-tty")) "
+# Needed if spawning lots of parallel gpg --decrypt processes. https://dev.gnupg.org/T3530
+auto-expand-secmem
+"))))
+
+ (simple-service 'gnupg-agent home-shepherd-service-type
+ (list
+ (shepherd-service
+ (documentation "GPG agent; caches key passwords.")
+ (provision '(gpg-agent))
+ (start #~(lambda _
+ (invoke #$(file-append gnupg "/bin/gpg-agent")
+ "--daemon" "--no-detach")))
+ (stop #~(lambda _
+ (invoke "gpg-connect-agent" "killagent" "/bye"))))))))
+
+(define (wireguardify host)
+ (string-replace-substring host ".twilken.net" ".wg"))
+
+(define (make-own-ssh-host host port)
+ (openssh-host (name host) (port port) (user "timo")))
+
+(define-public common-services
+ (list
+ (service home-zsh-service-type
+ (home-zsh-configuration
+ (zshrc (list (local-file "home/files/zshrc")
+ (local-file "home/files/prompt.zsh")))))
+
+ (simple-service 'common-config home-xdg-configuration-files-service-type
+ `(("git/config" ,(local-file "home/files/gitconfig"))
+ ("htop/htoprc" ,(local-file "home/files/htoprc"))
+ ("lesskey" ,(local-file "home/files/lesskey"))
+ ("ranger/rc.conf" ,(local-file "home/files/ranger.conf"))
+ ("tmux/tmux.conf" ,(local-file "home/files/tmux.conf"))
+ ("user-dirs.locale" ,(plain-file "user-dirs.locale" "C")) ; Not sure if this is needed. Arch has it.
+ ("user-dirs.dirs" ,(local-file "home/files/user-dirs.dirs"))))
+
+ (simple-service 'common-scripts home-files-service-type
+ ;; With #:recursive? #t, Guix keeps the files' permission bits, i.e. makes them executable.
+ `((".local/bin/ppscm" ,(local-file "home/files/ppscm" #:recursive? #t)))) ; pretty-print scheme files
+
+ (simple-service 'common-environment home-environment-variables-service-type
+ `(;; Path to my own package definitions. If invoking `guix home'
+ ;; afresh, this needs to be set manually to find these packages.
+ ("GUIX_PACKAGE_PATH" . "$HOME/src/guix-decls")
+
+ ;; Prepend my own binaries to $PATH. These should probably all
+ ;; be managed through `home-files-service-type'.
+ ("PATH" . "$HOME/.local/bin${PATH:+:}$PATH")
+
+ ;; Default terminal-related applications (except Emacs, which is separate).
+ ("PAGER" . "less")
+ ;; Guix force-overrides $LESS by default, so force-force it to do what I
+ ;; want instead. `less' reads the `lesskey' file configured above.
+ ("GUIX_PAGER" . "env -u LESS less")
+ ;; To make LESS_TERMCAP_* variables (set in lesskey) apply to man pages in kitty.
+ ("GROFF_NO_SGR" . "1")
+
+ ;; Shell history -- primarily for zsh, but Emacs' eshell uses this too.
+ ("HISTSIZE" . "10000000")
+
+ ;; ("NVIM_TUI_ENABLE_CURSOR_SHAPE" . "1")
+ ("LEDGER_FILE" . "$HOME/sync/ledger/ledger.journal")
+ ("GTAGSLABEL" . "pygments")
+
+ ;; Disable at-spi-dbus-launcher accessibility service.
+ ("NO_AT_BRIDGE" . "1")
+
+ ;; Auto-compilation is annoying and creates a bunch of files that are never cleaned up.
+ ("GUILE_AUTO_COMPILE" . "0")
+
+ ;; For some reason, Guix doesn't seem to add these paths automatically.
+ ("GUILE_LOAD_PATH" .
+ ,(string-append
+ "$GUIX_PACKAGE_PATH:"
+ "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
+ "${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"))
+ ("GUILE_LOAD_COMPILED_PATH" .
+ ,(string-append
+ "$XDG_CONFIG_HOME/guix/current/lib/guile/3.0/site-ccache:"
+ "$XDG_CONFIG_HOME/guix/current/share/guile/site/3.0"
+ "${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"))))
+
+ ;; XDG basedir spec compliance for various programs
+ ;; See: https://wiki.archlinux.org/index.php/XDG_Base_Directory for a list of programs.
+ ;; The `home-xdg-base-directories' service (enabled by default) sets $XDG_* variables for us.
+ (simple-service 'xdg-spec-compliance home-environment-variables-service-type
+ '(("ANDROID_EMULATOR_HOME" . "$XDG_DATA_HOME/android-emulator")
+ ("ASPELL_CONF" . "per-conf $XDG_CONFIG_HOME/aspell/aspell.conf; home-dir $XDG_DATA_HOME/aspell")
+ ("BUP_DIR" . "$XDG_DATA_HOME/bup")
+ ("CARGO_HOME" . "$XDG_DATA_HOME/cargo")
+ ("DSHGROUP_PATH" . "$XDG_DATA_HOME/dsh/group:/etc/dsh/group")
+ ("ELECTRUMDIR" . "$XDG_DATA_HOME/electrum")
+ ("FG_HOME" . "$XDG_DATA_HOME/fgfs")
+ ("GETIPLAYERUSERPREFS" . "$XDG_DATA_HOME/get_iplayer")
+ ("GNUPGHOME" . "$XDG_DATA_HOME/gnupg")
+ ("GTK2_RC_FILES" . "$XDG_CONFIG_HOME/gtk-2.0/gtkrc")
+ ("ICEAUTHORITY" . "$XDG_CACHE_HOME/ICEauthority")
+ ("INPUTRC" . "$XDG_CONFIG_HOME/readline/inputrc")
+ ("IPYTHONDIR" . "$XDG_CONFIG_HOME/ipython")
+ ("JUPYTER_CONFIG_DIR" . "$XDG_CONFIG_HOME/jupyter")
+ ;; KONAN_DATA_DIR=~/.konan by default; grows to multiple GiB.
+ ;; https://discuss.kotlinlang.org/t/change-konan-folder-location/18309
+ ("KONAN_DATA_DIR" . "$XDG_CACHE_HOME/konan")
+ ("NPM_CONFIG_USERCONFIG" . "$XDG_CONFIG_HOME/npm/npmrc")
+ ("PASSWORD_STORE_DIR" . "$XDG_DATA_HOME/password-store")
+ ("PLTUSERHOME" . "$XDG_DATA_HOME/racket")
+ ("PYLINTHOME" . "$XDG_CACHE_HOME/pylint")
+ ("PYLINTRC" . "$XDG_CONFIG_HOME/pylint/pylintrc")
+ ("RECOLL_CONFDIR" . "$XDG_CONFIG_HOME/recoll")
+ ("RLWRAP_HOME" . "$XDG_DATA_HOME/rlwrap")
+ ("STACK_ROOT" . "$XDG_DATA_HOME/stack")
+ ("TMUX_TMPDIR" . "$XDG_RUNTIME_DIR")
+ ("WEECHAT_HOME" . "$XDG_CONFIG_HOME/weechat")
+ ("XCOMPOSECACHE" . "$XDG_CACHE_HOME/X11/XCompose")
+ ("XCOMPOSEFILE" . "$XDG_CONFIG_HOME/X11/XCompose")
+ ("ZDOTDIR" . "$XDG_CONFIG_HOME/zsh")
+ ("_JAVA_OPTIONS" .
+ "$_JAVA_OPTIONS${_JAVA_OPTIONS:+ }-Djava.util.prefs.userRoot=$XDG_CONFIG_HOME/java")))
+
+ (service home-openssh-service-type
+ (home-openssh-configuration
+ (hosts
+ ;; Earlier rules take precedence over later ones.
+ `(,(openssh-host (name "*.srcf.net") (user "tw466"))
+ ;; My own machines
+ ,@(map make-own-ssh-host (map car %ssh-ports) (map cdr %ssh-ports))
+ ,@(map make-own-ssh-host (map (compose wireguardify car) %ssh-ports) (map cdr %ssh-ports))
+ ,(openssh-host (name "*.fritz.box") (proxy-command "ssh -v -W '[%h]:%p' lud.twilken.net"))
+ ;; Git hosts
+ ,@(map (lambda (host) (openssh-host (name host) (user "git")))
+ '("github.com" "ssh.github.com" "bitbucket.org"))
+ ,(openssh-host (name "gitlab.cern.ch") (port 7999) (user "git") (proxy-command "none"))
+ ;; BitBucket apparently only supports ssh-rsa.
+ ,(openssh-host
+ (name "bitbucket.org")
+ (host-key-algorithms '("+ssh-rsa"))
+ (accepted-key-types '("+ssh-rsa")))
+ ;; CERN stuff
+ ,(openssh-host (name "lxplus.cern.ch") (proxy-command "none")) ; avoid ProxyJump loops
+ ,(openssh-host
+ (name "twilkendesktop.cern.ch")
+ (port 22022)
+ (forward-x11? #t)
+ (extra-content "GSSAPIDelegateCredentials yes"))
+ ,@(map (lambda (spec)
+ (openssh-host (name (car spec)) (user (cdr spec))
+ (identity-file "~/.local/share/ssh-keys/alicern_id_rsa")))
+ '(("alimonitor.cern.ch" . "alibuild")
+ ("alinsure.cern.ch" . "alibuild")
+ ("alibuildmac*.cern.ch" . "alibuild")
+ ("aido*osx*.cern.ch" . "alibuild")
+ ("alibuild*.cern.ch" . "root")
+ ("alissandra*.cern.ch" . "root")
+ ("alimesos*.cern.ch" . "root")
+ ("alientest*.cern.ch" . "root")
+ ("aliflow*.cern.ch" . "root")
+ ("alijenkins*.cern.ch" . "root")))
+ ,(openssh-host
+ (name "*.cern.ch")
+ (user "twilken")
+ (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
+ (proxy-command "ssh -v -W '[%h]:%p' -l twilken lxplus.cern.ch")
+ (extra-content "\
+ # Kerberos authentication
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials no
+ PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
+"))
+ ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type'
+ ;; manages that and might delete keys there.
+ ,(openssh-host
+ (name "*")
+ (identity-file "~/.local/share/ssh-keys/id_rsa")
+ ;; Remote servers probably don't know about xterm-kitty.
+ (extra-content "SetEnv TERM=xterm-256color"))))))))
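Review bot: The `stop` action of the `gnupg-agent` shepherd service calls `gpg-connect-agent` by bare name, so it is resolved through whatever PATH shepherd inherited, while `start` pins `gpg-agent` to its store path. The same file prepends `$HOME/.local/bin` to PATH, so the binary that talks to the agent holding cached passphrases is not necessarily the one from the `gnupg` package, and the stop can also fail when the profile is not on PATH. Pin it the same way as `start`: `(invoke #$(file-append gnupg "/bin/gpg-connect-agent") "killagent" "/bye")`. Neither lambda passes a home directory, so both presumably depend on `GNUPGHOME` being set in shepherd's environment to find the `gpg-agent.conf` written under `.local/share/gnupg`; that is not visible in this hunk and is worth confirming.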